The era of flux and transformation

Everyone is now in the technology business
Conventional security tools have not kept pace
Security professionals alone can't fill the gap
Regulatory requirements and costs are increasing

Zero Trust is a mindset


> Assumes pervasive risk 


> Every access attempt as if it's originating from an untrusted network 


Zero Trust model 


Principles of Zero Trust 
Verify explicitly
Use least privilege access
Assume breach


PROTECT DETECT 


RESPOND 


Intelligent security

Identity and access management
Your universal platform to manage and secure identities

Threat protection
Stop attacks with integrated and automated security

Information protection
Protect your sensitive data—wherever it lives or travels

Cloud security
Safeguard your cross-cloud resources


Gain unmatched 
security with Azure 


$1B annual investment 
in cybersecurity 


3500+ global security experts 


Trillions of diverse signals for 
unique intelligence 


Workloads become heterogeneous and hybrid


Blob storage
Azure Key Vault (AKV)
Azure VM
Azure Kubernetes Services (AKS)
Azure SQL
Azure Container Registry (ACR)
Private Datacenter / Other clouds


Threat actors leverage a variety of exposures to breach 


Exposure Access Lateral movements Actions 
Common threats

VMs
» Brute force of open management ports
» Exploit through an unpatched vulnerability
» Run bitcoin mining on a compromised VM

Containers
» Exposed Kubernetes dashboards
» RBAC not configured in the cluster
» Insecure container/host configuration

App services
» Web shell deployment
» Server-side request forgery (SSRF)
» Reconnaissance attempts

SQL Database, Storage account, Key Vault
» Use to propagate malware or load malicious images/packages
» SQL injection vulnerabilities and
» unneeded resources
» Access by a remote threat actor
» Public access to storage accounts
» Harvest for secrets
» Brute-force against SQL credentials
» Harvest for reconnaissance or exfiltration of data


Azure security center

Protect against threats
servers, cloud native, Data & Storage

Strengthen security posture
Cloud security posture management
Secure Score and Policies & compliance

Get secure faster


Protect your workloads from threats
Use industry's most extensive threat intelligence to gain deep insights

» Detect & block advanced malware and threats for Linux and Windows Servers on any cloud
» Protect cloud-native services from threats
» Protect data services against malicious attacks
» Protect your Azure IoT solutions with near real time monitoring
» Service layer detections: Azure network layer and Azure management layer (ARM)

VMs/Servers
Network management
Cloud workload protection


Azure Security Center

Microsoft Azure (Preview)
Home > Security Center - Pricing & settings > Settings - Pricing tier

Settings - Pricing tier (ASC DEMO)

The Standard tier provides enhanced security.

Standard tier features:
» Continuous assessment and security recommendations
» Azure Secure Score
» Just in time VM Access
» Adaptive application controls and network hardening
» Regulatory compliance dashboard and reports
» Threat protection for Azure VMs and non-Azure servers (including Server EDR)
» Threat protection for supported PaaS services

Pricing will apply to: 126 resources in this subscription

Select pricing tier by resource type

Resource Type       Resource Quantity             Pricing Plan
Virtual machines    45 VMs and VMSS instances     $15/Server/Month
App Service         5 instances                   $15/Instance/Month
PaaS SQL servers    6 resources                   $15/Server/Month

By clicking Save, the standard tier will be enabled on selected resource types. The first 30 days are free.
Virtual machines, SQL servers, App Service instances and Kubernetes Service instances are billed hourly, only for running resources.
For more information on Security Center pricing, visit the pricing page.


Get secure fast, just turn it ON 


Protect Linux and Windows VMs from threats 


Reduce open network ports:
» Use Just-in-Time to avoid exposure of management ports
» Limit open ports with adaptive network hardening

Protect against malware:
» Block malware with adaptive application controls
» Built-in Microsoft Defender ATP EDR
» Crash dump analysis and fileless attack detections

Antimalware
Defender ATP
On-premise
Behavior analytics
Lateral Movement
Azure, AWS, and GCP
App control
Malicious code execution
Data exfiltration

Announcing built-in vulnerability assessment for VMs 


Available as part of standard ASC for VM pricing, no extra charge 


» Automated deployment of vulnerability 
scanner 


» Continuously scans installed 
applications to find vulnerabilities 


» Visibility to the vulnerability findings in 
Security Center portal and APIs 


Remediate vulnerabilities found on your virtual machines (powered by Qualys) (Preview) 




Protect hybrid datacenters and multi-cloud with Azure security center 


Hybrid Server protection for Datacenters and 
other clouds 


Onboard on-prem servers to Security Center 
from Windows Admin Center 


Auto-onboard AWS EC2 instances using a new API connector (preview)

Screenshot: Home > Security Center - Overview > Compute, VMs and Computers view, listing EC2 hosts with their recommendation counts.


Cloud workload protection for hybrid VMs and servers

Central management: Automatic onboarding; hybrid Server security hygiene monitoring
Reduce attack surface: Cloud native network security controls; Adaptive application control; Built-in vulnerability Assessment
Detect advanced threats: Built-in EDR with Microsoft Defender ATP; Detect and block advanced threats for servers; Cloud-native detections

Azure
Data center
Other clouds

Server & VM threat protection with Azure Security Center


Protect cloud-native workloads from threats 


» Detect and alert on abnormal admin behavior or compromised web applications

» Protects VMSS and containers from malicious attacks

» CIS benchmark for Dockers on Linux IaaS & vulnerability scanning on ACR images


>75% of global organizations will be running containerized 
applications in production by 2022 (Gartner) 


Built-in vulnerability assessment for container images 
Public preview available in standard ASC with a new container registries add-on 


» Seamless deployment and configuration of the vulnerability scanner
» Scan container images for vulnerabilities upon push to an ACR
» Visibility to vulnerable container images including vulnerabilities details, severity classification and guidance to remediation

Home > Security Center - Recommendations > Vulnerabilities in Azure Container Registry images should be remediated (powered by Qualys) - (Preview)

Remediation
To resolve container image vulnerabilities:
1. Navigate to the relevant resource under the 'Unhealthy' section and select the container image you are looking to remediate.
2. Review the set of failed security checks found by the scan, which are sorted from high to low risk.
3. Click on each vulnerability to view its details and explicit remediation instructions and scripts.
4. Remediate the vulnerability using the provided instructions described in the 'Remediation' field.
5. Upload the new remediated image to your registry. Review scan results for the new image to verify the vulnerability no longer exists.

Security Checks
ID      Security Check                                     Category  Applies To
176750  Debian Security Update for apache2 (DSA 4422-1)    Debian    1 of 3 images
177008  Debian Security Update for openssl (DSA 4475-1)    Debian    2 of 3 images

176750-Debian Security Update for apache2 (DSA 4422-1)
Description: Debian has released security update for apache2 to fix the vulnerabilities.
Severity: High
Published: 4/4/2019, 1:52 PM GMT+3
Patchable: Yes
Manual remediation: Refer to Debian security advisory DSA 4422-1 to address this issue and obtain further details.


Cloud workload protection for containers 


Now available in standard Azure security center with the new container service add-on 


Protecting Container hosts (IaaS)
» CIS Docker Benchmark assessment 
» Node Threat Protection 


Protecting AKS 


» Actionable recommendations based on AKS 
best practices 


» Cluster and Node Threat detection based on 
AKS audit log and Node Auditd 


Screenshot: Home > Security Center - Compute & apps, Containers (Preview) tab, subscription 'ASC DEMO'

NAME                        Total
asc-private-preview         2 of 5 recommendations
asc-preview                 3 of 5 recommendations
asc-private-preview-rbac    3 of 5 recommendations
imagescanprivatepreview     2 of 2 recommendations
ascdockercontainer          1 of 1 recommendations


Protecting against advanced cloud threats

» Recommending to use RBAC on K8s
» Detects suspicious request to K8s API
» Detects privileged container
» Detects crypto mining image
» Detects sensitive volume mount

Diagram: Threat Actor; Master Node; Node 2; Vulnerable application; API request (deploy container); Privileged w/ crypto miner to Node3; Azure VM


Protect data services from threats 


» Prevent & detect threats targeting your Azure SQL databases, MySQL, PostgreSQL

» Discover and remediate security misconfigurations in Azure SQL databases

» Storage account protection to detect threats and misuse

» Discover, classify, label and protect sensitive data in your Azure SQL databases

SQL, MySQL, PostgreSQL, Azure Storage


New advanced protection capabilities for data services 


Now in preview 


Protect SQL servers on Azure VMs 
Vulnerability assessment and Advanced Threat Protection to prevent and 
detect threats across SQL estate in Azure 


Malware reputation screening for Azure Storage 
Detect advanced threats in Azure Storage with hash reputation analysis upon 
upload 


Advanced Threat Protection for Azure Key Vault 
Detect unusual and potentially harmful attempts to exploit Azure Key Vault 


Detections of the common cloud threats 


SQL Database detections 
Now available for SQL on IaaS


» SQL injection
vulnerabilities and
attacks


» Access anomalies by 
location, principal, or 
application 

» Brute-force against SQL 


credentials 


» And more.. 


Storage account detections 


» Malware reputation 
screening or suspicious 
files (.cspkg) 


» Access anomalies by 
location, principal, or 
application 


» Permission change 
anomalies, anonymous 
access detection 


» And more... 


Key vault detections 
Now available in NA regions 


Access from a suspicious 
location, Tor network 


Unusual policy change or 
listing and secret get 


Unusual volume or 
pattern of Key Vault 
operations 


And more... 


Example solution architecture on Azure 


Blob storage
Azure VM
Azure Key Vault
Azure Kubernetes Services (AKS)
Azure SQL
Azure Container Registry (ACR)
Private Datacenter / Other clouds

Azure security center


enterprise integrations 


Driving threat protection through the organization 
Through a central SecOps & cloud governance role 


Governance

Threat protection for cloud at scale:
Export assessments and alerts for security roles

Diagram: Microsoft 365; Partner solutions; Azure Security Center; Azure Sentinel; IoT; Compute; Network; Data; Access; Multi-cloud

Azure Security Center: Cloud Workload Protection
Azure Sentinel: Cloud Native SIEM

Automate workflows with ASC

Trigger playbooks based on ASC recommendations and alerts

Built-in playbooks, build your own with Azure Logic apps

Workflow diagram: If true; Post message in Slack security channel; Send a notification email

New community hub

Share the workflows and remediation policies that you've built with the community

Learn what others did and deploy directly to Azure

Automate and script through API and PowerShell

Protect your workloads against threats: a go-do list 


01 Good hygiene comes first, strengthen your cloud security posture

02 Turn on threat protection for all cloud resources

03 Reduce attack surface for VMs with JIT, Network and app controls

04 Integrate alerts into your SIEM & notify app owners

05 Identify root cause and drive new security hygiene up


Azure security center announcements 


Enhanced threat protection for your cloud resources with security center

Support for threat protection & vulnerability assessment for SQL DBs running on Azure IaaS VM


Built-in vulnerability assessment with 
Security Center Standard 


Container security for Azure Kubernetes 
Services with Azure Security Center 


Threat Protection for Azure key vault in 
Public Preview in North America Regions 


Malware reputation screening as part of ATP 
for Azure Storage 


Extending Security Center’s coverage 
with platform for community & 
partners 


Containers
Network
Access
IoT
Compute


Enhanced cloud security 
posture management 


Secure score simplified 
Support for customer created assessments 
Quick remediation for bulk resources 


Automatic assessment of NIST SP 800-53 R4, 
SWIFT CSP CSCF v2020, Canada Federal PBMM 
and UK Official together with UK NHS


Implement security faster with Security 
Center 


Workflow automation with logic apps 


Improved reporting and export for Security 
Center alerts and recommendations 


Auto-discover, onboard and protect 
your AWS EC2 instances with Azure security 
center 


Onboard on-prem servers to security center from 
Windows Admin Center 
Develop and operate secure apps in the cloud


Shipping secure applications 


— Build secure applications faster 


Threat modeling, vulnerability scanning, unit testing, 
token scanning, directly inside your release pipeline 


— Protect every layer of your application 


Azure provides you with security tools at the data, network, 
identity and runtime 


Encryption at rest, in transit, and in use 


— Guidance to help you succeed 
Best practices documentation 


Secure Devops toolkit 


Secure DevOps

Inner and Outer Loop Development

Outer Loop: Source Control; Build and Test (CI); Deploy (CD); Monitoring and Diagnostics

Inner Loop: Code; Run; Debug


Securing your codebase with GitHub 


Understand and secure your software supply chain

» View and track all your dependencies with Dependency Insights and Dependabot
» Get automated security alerts and version patches

33 % of enterprise projects use open source today

Integrate security into your code-to-cloud workflows

» Scan for thousands of vulnerabilities with Semmle
» Protect leakage of secrets with GitHub Token Scanning


Outer loop 


Available today 
(via Support) 


Microsoft 
Security Code Analysis 


Embrace Secure DevOps by infusing secret scanning, security tools & analysis into Azure DevOps CI/CD pipelines as recommended by Microsoft's Secure Development Lifecycle (SDL) experts.

Security Simplified
Protect code and enable security analysis in your Azure DevOps pipelines by simply adding easily configurable build tasks

Clean Builds
Address issues and keep your code clean by configuring build breaks to get notified when regressions are introduced

Set it & Forget it
The extension can ensure the tools stay up-to-date and you never have to worry about managing updates


Microsoft Confidential 




Microsoft Security Code Analysis — Developer Experience 


Enable application security testing and Secure DevOps in CI/CD pipelines 


Credential Scanning
Prevent breaches due to leaked secrets
* Easily scan for secrets in your Azure DevOps CI/CD pipeline
* Includes 25 searchers supporting 70+ file types out of the box
* Supports custom patterns for your business needs

Security Code Analysis
Analyze code for common security vulnerabilities
* Simple and consistent UI/UX abstracts the complexities of running various code analysis tools
* Tool set includes BinSkim (compiler flags), Roslyn Analyzers (C#), Anti-Malware Scanner, TSLint (TS & JS) & Security Risk Detection (Fuzzing)

Stay Clean
Identify bugs as they're introduced into the codebase.
* Easily integrate each tool into your existing CI/CD pipeline as build tasks
* Break the build & block PR completion when any tool finds a vulnerability
* Produce a summary for each build with all results in 1 report
And one last thought...

Gravity continues to shape our universe and our thoughts shape our world

Together, we can shape the security of our digital world...!

Thank you!


To learn more, visit 
azure.microsoft.com/en-us/services/security-center/ 


ASC Tech Community Page 


